SmartBugs is an extensible platform with a uniform interface to tools that analyse blockchain programs for weaknesses and other properties.
- 20 supported tools, 3 modes for analysing Solidity source code, deployment bytecode, and runtime code.
- Modular integration of analysers. All it takes to add a new tool is a Docker image encapsulating the tool and a few lines in a config file. To make the output accessible in a standardised format, add a small Python script.
- Parallel, randomised, restartable execution of the tasks for the optimal use of resources when performing a bulk analysis. If execution is interrupted, it can be resumed by running SmartBugs with the same parameters again.
- Standardised output format. Scripts parse and normalise the output of the tools to allow for an automated analysis of the results across tools.
- Automatic download of an appropriate Solidity compiler matching the contract under analysis, and injection into the Docker image.
- Output of results in SARIF format, for integration into GitHub workflows.
- Platform independence: SmartBugs has been tested with Linux, MacOS and Windows.
Tool | version | Solidity | bytecode | runtime code
---|---|---|---|---
ConFuzzius | #4315fb7 v0.0.1 | ✔️ | |
Conkas | #4e0f256 | ✔️ | | ✔️
Ethainter | | | | ✔️
eThor | 2023 | | | ✔️
HoneyBadger | #ff30c9a | ✔️ | | ✔️
MadMax | #6e9a6e9 | | | ✔️
Maian | #4bab09a | ✔️ | ✔️ | ✔️
Manticore | 0.3.7 | ✔️ | |
Mythril | 0.24.7 | ✔️ | ✔️ | ✔️
Osiris | #d1ecc37 | ✔️ | | ✔️
Oyente | #480e725 | ✔️ | | ✔️
Pakala | #c84ef38 v1.1.10 | | | ✔️
Securify | | ✔️ | | ✔️
Semgrep | #c3a9f40 | ✔️ | |
sFuzz | #48934c0 (2019-03-01) | ✔️ | |
Slither | 0.10.4 | ✔️ | |
Smartcheck | | ✔️ | |
Solhint | 3.3.8 | ✔️ | |
teEther | #04adf56 | | | ✔️
Vandal | #d2b0043 | | | ✔️
SmartBugs has been tested with Linux, MacOS and Windows. It depends on Docker and Python. For details, see the installation instructions.
SmartBugs provides a uniform command-line interface to all tools. Two utilities allow the user to reparse analysis results at any time after the analysis and to extract the data into a form suitable for a database.
As an example, the following commands analyse the contracts in the samples folder with all available tools and write the parsed output to results.csv.

```
./smartbugs -t all -f samples/* --timeout 600
./reparse results
./results2csv -p results > results.csv
```
For details, see the usage notes and the SmartBugs wiki.
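The point of the standardised output is to compare tools against each other. The script below is an added example, not part of SmartBugs: it assumes a results CSV with columns `filename`, `toolid` and `findings` (a `;`-separated list; the real results2csv layout may differ) and reports, per contract, which findings several analysers agree on, which is the usual way to prioritise a bulk run.

```python
"""Cross-tool aggregation of SmartBugs-style results (added example, not SmartBugs code)."""
import csv
import io
from collections import defaultdict

# Constructed sample in the assumed layout; contract names and findings are made up.
SAMPLE_CSV = """filename,toolid,findings
samples/SimpleDAO.sol,mythril,Reentrancy;Unchecked call
samples/SimpleDAO.sol,slither,Reentrancy
samples/SimpleDAO.sol,solhint,
samples/Lottery.sol,mythril,Dependence on predictable variables
samples/Lottery.sol,oyente,Timestamp dependency
"""


def load_findings(text):
    """Return {contract: {finding: set of tools that reported it}}."""
    per_contract = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(text)):
        # An empty findings cell means the tool ran but flagged nothing;
        # filter(None, ...) drops that empty string.
        for finding in filter(None, row["findings"].split(";")):
            per_contract[row["filename"]][finding.strip()].add(row["toolid"])
    return per_contract


def consensus(per_contract, min_tools=2):
    """Findings reported by at least `min_tools` distinct tools, per contract."""
    return {
        contract: sorted(f for f, tools in findings.items() if len(tools) >= min_tools)
        for contract, findings in per_contract.items()
    }


def tools_run(text):
    """Which tools produced a row for each contract (coverage check for a bulk run)."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        seen[row["filename"]].add(row["toolid"])
    return seen


if __name__ == "__main__":
    data = load_findings(SAMPLE_CSV)
    for contract, agreed in consensus(data).items():
        print(contract, "agreed findings:", agreed or "none")
```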
See our information on available datasets if you are looking for input data. The number of contracts in these datasets ranges from 10 to 250,000.
If you use SmartBugs or one of the datasets above, you may want to cite your sources. See the list of publications for details.
You can show your appreciation for the project and support future development by donating.
🙌 ETH Donations: 0xA4FBA2908162646197aca90b84B095BE4D16Ae53 🙌
The license applies to all files in the repository, with the exception of the smart contracts in the samples folder. The files there were obtained from Etherscan and retain their original licenses.